Disclosure to Promote the Right To Information 

Whereas the Parliament of India has set out to provide a practical regime of right to 
information for citizens to secure access to information under the control of public authorities, 
in order to promote transparency and accountability in the working of every public authority, 
and whereas the attached publication of the Bureau of Indian Standards is of particular interest 
to the public, particularly disadvantaged communities and those engaged in the pursuit of 
education and knowledge, the attached public safety standard is made available to promote the 
timely dissemination of this information in an accurate manner to the public. 
NATIONAL FOREWORD 

This Indian Standard (Part 2) (First Revision) which is identical with ISO 9564-2 : 2005 'Banking — 
Personal Identification Number management and security — Part 2: Approved algorithms for PIN 
encipherment' issued by the International Organization for Standardization (ISO) was adopted by the 
Bureau of Indian Standards on the recommendation of the Banking and Financial Services Sectional 
Committee and approval of the Management and Systems Division Council. 

The text of ISO Standard has been approved as suitable for publication as an Indian Standard without 
deviations. Certain conventions are, however, not identical to those used in Indian Standards. 
Attention is particularly drawn to the following: 

a) Wherever the words 'International Standard' appear referring to this standard, they should 
be read as 'Indian Standard'. 

b) Comma (,) has been used as a decimal marker, while in Indian Standards, the current 
practice is to use a point (.) as the decimal marker. 

In this adopted standard, reference appears to the following International Standard for which Indian 
Standard also exists. The corresponding Indian Standard, which is to be substituted in its place, is 
listed below along with its degree of equivalence for the edition indicated: 



International Standard: ISO 9564-1 : 2002 Banking — Personal Identification Number (PIN) 
management and security — Part 1: Basic principles and requirements for online PIN handling 
in ATM and POS systems 

Corresponding Indian Standard: IS 15042 (Part 1) : 2006 Banking — Personal Identification 
Number management and security: Part 1 Basic principles and requirements for online PIN 
handling in ATM and POS systems (first revision) 

Degree of Equivalence: Identical 



The technical committee responsible for the preparation of this standard has reviewed the provisions 
of the following International Standards referred in this adopted standard and has decided that they 
are acceptable for use in conjunction with this standard: 



International Standard / Title 

ISO 9564-3 
    Banking — Personal Identification Number management and security — 
    Part 3: Requirements for offline PIN handling in ATM and POS systems 

ISO/IEC 10116 
    Information technology — Security techniques — Modes of operation for 
    an n-bit block cipher 

ISO 11568-2: 1994 
    Banking — Key management (retail) — Part 2: Key management 
    techniques for symmetric ciphers 

EMV 2000 
    Integrated Circuit Card Specifications for Payment Systems, Book 2: 
    Security and Key Management 1) 

ANSI INCITS 92-1981 
    Data Encryption Algorithm [formerly ANSI X3.92-1981 (R1998)] 2) 

ANSI X9.52-1998 
    Triple Data Encryption Algorithm Modes of Operation 2) 

AS 2805.5.3-1992 
    Electronic funds transfer — Requirements for interfaces — Ciphers — 
    Data encipherment algorithm 2 (DEA 2) 3) 



1) EMV: Europay, Mastercard, VISA. 

2) American National Standards Institute Standard. 

3) Standards Australia Standard. 
Indian Standard 

BANKING — PERSONAL IDENTIFICATION NUMBER 
MANAGEMENT AND SECURITY 

PART 2 APPROVED ALGORITHMS FOR PIN ENCIPHERMENT 

( First Revision ) 



1 Scope 

This part of ISO 9564 specifies algorithms for the encipherment of Personal Identification Numbers (PINs). 
These algorithms, based on the approval processes established in ISO 9564-1, are the data encryption 
algorithm (DEA) and the RSA encryption algorithm. 

2 Normative references 

The following referenced documents are indispensable for the application of this document. For dated 
references, only the edition cited applies. For undated references, the latest edition of the referenced document 
(including any amendments) applies. 

ISO 9564-1, Banking — Personal Identification Number (PIN) management and security — Part 1: Basic 
principles and requirements for online PIN handling in ATM and POS systems 

ISO 9564-3, Banking — Personal Identification Number management and security — Part 3: Requirements for 
offline PIN handling in ATM and POS systems 

ISO/IEC 10116, Information technology — Security techniques — Modes of operation for an n-bit block cipher 

ISO 11568-2:1994, Banking — Key management (retail) — Part 2: Key management techniques for symmetric 
ciphers 

EMV 2000, Integrated Circuit Card Specifications for Payment Systems, Book 2: Security and Key 
Management 1) 

ANSI INCITS 92-1981, Data Encryption Algorithm [formerly ANSI X3.92-1981 (R1998)] 2) 

ANSI X9.52-1998, Triple Data Encryption Algorithm Modes of Operation 2) 

AS 2805.5.3-1992, Electronic funds transfer — Requirements for interfaces — Ciphers — Data encipherment 
algorithm 2 (DEA 2) 3) 



1) EMV: Europay, Mastercard, VISA. 

2) American National Standards Institute standard. 

3) Standards Australia standard. 
3 Data Encryption Algorithm (DEA) 

3.1 Definition 

The definition of DEA shall be in accordance with that published in ANSI X3.92:1981. 

3.2 Specification 

Encipherment, using the TDEA, of the PIN blocks according to ISO 9564-1 shall be achieved using the 
algorithm operating in the Electronic Code Book (ECB) mode (with n equal to 64) in accordance with 
ISO/IEC 10116. Each TDEA encryption/decryption operation is a compound operation of DEA 
encryption/decryption operations, as defined in ISO 11568-2 and ANS X9.52. 

4 RSA encryption algorithm 

4.1 Definition 

The definition of the RSA 4) encryption algorithm shall be in accordance with that published in 
AS 2805.5.3:1992. 

4.2 Specification 

Encipherment, using RSA, of the PIN blocks according to ISO 9564-3 shall be achieved in accordance with 
EMV 2000, Book 2. 

4.3 Applicability 

This algorithm is approved for use with ISO 9564-3 only. 



4) Named after its inventors, Ronald Rivest, Adi Shamir and Leonard Adleman. 



Bureau of Indian Standards 

BIS is a statutory institution established under the Bureau of Indian Standards Act, 1986 to promote 
harmonious development of the activities of standardization, marking and quality certification of 
goods and attending to connected matters in the country. 

Copyright 

BIS has the copyright of all its publications. No part of these publications may be reproduced in any 
form without the prior permission in writing of BIS. This does not preclude the free use, in the course 
of implementing the standard, of necessary details, such as symbols and sizes, type or grade 
designations. Enquiries relating to copyright be addressed to the Director (Publications), BIS. 

Review of Indian Standards 

Amendments are issued to standards as the need arises on the basis of comments. Standards are 
also reviewed periodically; a standard along with amendments is reaffirmed when such review indicates 
that no changes are needed; if the review indicates that changes are needed, it is taken up for revision. 
Users of Indian Standards should ascertain that they are in possession of the latest amendments or 
edition by referring to the latest issue of 'BIS Catalogue' and 'Standards: Monthly Additions'. 

This Indian Standard has been developed from Doc: No. MSD 7 (307). 